AI Policy Generator
Answer a few questions and get a practical internal AI usage policy you can copy or download. Everything runs in your browser — your answers are never stored or sent to a server.
Preview
AI Usage Policy
This is a simple, practical guide to using AI tools safely at work. It explains what's OK, what to avoid, and when to ask for help.
1. Purpose & Scope
This policy applies to all employees and contractors who use generative AI tools for work in our professional services / consulting business. It covers the approved AI tools listed below and any similar tools used for company work.
2. Approved AI Tools
The following tools are approved for use under this policy:
- ChatGPT
Using a new AI tool that is not on this list should be approved first (see Tool Approval).
3. Approved Uses
Employees can use approved AI tools for:
- Marketing & content writing
- Internal documents & summaries
4. Restricted & Prohibited Uses
The following uses need to be avoided unless specifically approved:
- Any use involving sensitive, regulated, or confidential data without approval.
AI need to not be used to make final decisions about people (hiring, termination, credit, or similar) without human judgment.
5. Data Input Rules
Our data sensitivity level is Medium — some internal or business-confidential data. When using AI tools:
- Do not enter passwords, API keys, or other credentials into any AI tool.
- Do not paste confidential contracts or legal documents into AI tools without approval.
- Do not enter customer or employee personal information unless the tool is approved for it.
- Remove or redact names, account numbers, and identifiers before using AI where possible.
6. Human Review
Review requirement: For anything customer-facing or external.
Any AI-generated content that is customer-facing or shared externally must be reviewed by a person before it is sent or published. The person who uses AI output is responsible for its accuracy.
7. Tool Approval Process
Before adopting a new AI tool, check who the vendor is, what data it stores, whether business terms are available, and who owns the output. A manager should approve the tool before it is used for company work.
8. Incident Reporting
If sensitive data is entered into an AI tool by mistake, incorrect AI output reaches a customer, or an unapproved tool is used, report it to your manager promptly so it can be handled.
9. Employee Responsibilities
Employees need to follow this policy, protect confidential information, review AI output before relying on it, and ask before using AI in a new or uncertain situation.
10. Review Cycle
This policy should be reviewed at least every 6 months, and whenever new AI tools are adopted or new risks emerge.
This policy provides practical operational guidance for AI usage management. It is not legal advice and does not guarantee regulatory compliance. Review it with qualified professionals where appropriate before adopting it.
Need the full internal policy set?
The AI Governance Starter Pack includes 12 ready-to-use templates — employee guidance, approval and review checklists, incident response, and more — as editable Word, PDF, and Excel files.